Statement on Recent Security Disclosures by Halborn

Today, Halborn disclosed vulnerabilities in some code forks of Bitcoin Core, which could be exploited to crash nodes. An attacker could potentially take advantage of these vulnerabilities to crash mining nodes, and thus reduce (by approximately 50%)  the amount of hashpower required to mount a 51% attack. 

Zcash was one of the currencies affected by this disclosure, as zcashd is a code fork of Bitcoin Core. ECC has released new versions of zcashd that remediate the vulnerabilities. Anyone who runs a zcashd node should update immediately.

There is no evidence to suggest that these vulnerabilities have been exploited on the Zcash network, and there is no reason to suspect that the Zcash network is susceptible to a 51% attack (even if the required hashpower were reduced by 50%). 

Zebra is an independent Zcash node implementation, and is not based on Bitcoin Core. Halborn has confirmed that Zebra is not vulnerable to these issues. However, we have taken the precaution of hardening certain sections of our codebase to make Zebra more resilient to similar memory exhaustion attacks.

We would like to express our gratitude to ECC for coordinating the Zcash ecosystem’s response to this security disclosure. We would also like to thank Halborn for responsibly disclosing these vulnerabilities.